## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Feature
## What is the current behavior?
The /events page only loads events from the Notion "Developer Events"
database and the Luma Community API. MDX files under `apps/www/_events/`
(including webinars like agency-webinar, sentry, datadog, figma-make)
are not surfaced on the listing, and past events could still appear
until the moment they ended because the filter compared against `now()`
rather than the current day.
Addresses
[DEBR-85](https://linear.app/supabase/issue/DEBR-85/events-page-powered-by-notion-page).
## What is the new behavior?
- New `getMdxEvents()` reads `apps/www/_events/*.mdx`, parses
frontmatter with `gray-matter`, and returns today-and-future events as
`SupabaseEvent`s.
- `/events` now merges Notion + mdx + Luma events.
- Past events are hidden across all sources by comparing against the
start of today (UTC) instead of `now()`, so events running today stay
visible throughout the day.
## Additional context
Links on mdx events point at the main_cta URL when it's an external
\`http(s)\` URL, otherwise fall back to the built \`/events/{slug}\`
page so on-demand recordings remain reachable.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Events can be sourced from MDX files and merged into site event
listings.
* Luma supports multiple calendars (community and hackathon) for richer
feeds.
* **Improvements**
* Events now exclude anything before the start of the current UTC day.
* Added a “Community Event” category filter and included it in counts.
* Event title typography adjusted for improved readability.
* “Hosted by” text now only shows when hosts exist; host fallbacks
standardized.
* **Chores**
* Build env updated to include hackathon API key.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
We want to upgrade to react 19. However some libraries aren't compatible
with it. Besides, `next-mdx-remote` is now archived and not maintained
anymore.
## Solution
The [NextJS
documentation)[https://nextjs.org/docs/15/app/guides/mdx#remote-mdx]
suggest using
[`next-mdx-remote-client`](https://github.com/ipikuka/next-mdx-remote-client)
which was a fork of `next-mdx-remote`.
- [x] migrate `apps/www` from `next-mdx-remote` to
`next-mdx-remote-client`
- [x] migrate `apps/www` from `next-mdx-remote` to
`next-mdx-remote-client`
I haven't noticed any change in the pages.
When upgrading to react 19, we'll have to use v2 of
`next-mdx-remote-client`.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Switched MDX rendering/serialization to a newer client-focused
implementation across docs and site for improved compatibility.
* **Bug Fixes**
* Improved handling of serialization errors so MDX failures render clear
fallback messages instead of breaking pages.
* **Chores**
* Updated local environment template value for the public anonymous key.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- Adds `breadcrumbListSchema(items)` helper to `apps/www/lib/json-ld.ts`
and a hand-curated `apps/www/lib/breadcrumbs.ts` route map.
- Wires inline `<script type="application/ld+json">` BreadcrumbList
blocks into 18 marketing surfaces: blog (index + slug), customers (index
+ slug), events (index + slug), 5 product pages (database, auth,
storage, edge-functions, realtime), 3 modules (vector, cron, queues),
pricing, careers, company, features.
- Pages router callers wrap the script in `<Head>`; app router callers
place it directly in JSX. Dynamic surfaces append a leaf at render time
using the page's title (`frontmatter.title` for blog, `meta_title ??
title` for customers, `event.meta_title ?? event.title` for events).
- Modules sit at `Home > {Name}` since no `/modules` index page exists;
products sit at `Home > {Product}` (no shared products parent). Absolute
`https://supabase.com` URLs match the existing `CANONICAL_ORIGIN`
convention so anchors stay stable across Vercel previews.
Linear:
[GROWTH-822](https://linear.app/supabase/issue/GROWTH-822/add-breadcrumblist-json-ld-to-www-marketing-surfaces)
(sub-issue under
[GROWTH-724](https://linear.app/supabase/issue/GROWTH-724)).
> **Note on branch name:** the branch is
`pamela/growth-820-www-breadcrumb-jsonld`; the actual Linear issue is
GROWTH-822. The branch was named before the sub-issue was created.
Ignore the `820` in the branch.
Explicitly deferred (separate PRs / low SEO ROI): `/launch-week/*`,
`/solutions/*`, `/partners/*`, `/alternatives/*`, `/changelog`,
`/legal/dpa`, `/aws-reinvent-2025`, `/wrapped`, `/contribute/*`,
`/brand-assets`, `/ga`, `/ga-week`, `/state-of-startups*`, and the
homepage (Organization + WebSite already cover homepage entity signals;
single-item BreadcrumbList is ignored by Google).
## Test plan
- [x] On the Vercel preview, `curl -s https://<preview>/database | grep
'"BreadcrumbList"'` returns the script block with `Home > Database`.
- [x] `curl -s https://<preview>/blog/<recent-slug> | grep
'"BreadcrumbList"'` returns `Home > Blog > {post title}`.
- [x] `curl -s https://<preview>/customers/<slug> | grep
'"BreadcrumbList"'` returns `Home > Customer Stories > {customer
title}`.
- [x] `curl -s https://<preview>/events/<slug> | grep
'"BreadcrumbList"'` returns `Home > Events > {event title}`.
- [x] `curl -s https://<preview>/modules/vector | grep
'"BreadcrumbList"'` returns `Home > Vector`.
Recent changes to blog pages surfaced existing errors because we stopped
silently swallowing errors. We were not properly handing the case when
the requested slug was not found, now this properly calls notFound()
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Enhanced error handling for missing blog posts to display a proper
"Not Found" page instead of showing an application error when users
attempt to access unavailable blog content.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Render blog posts on server so they are available in initial HTML
response.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* New collapsible sections for blog content
* Server-side MDX compilation for blog posts
* Improved TOC extraction producing both structured JSON and markdown
* **Refactor**
* Blog rendering converted to a server-rendered flow with unified MDX
components
* Tag handling normalized for related-post matching
* **Bug Fixes**
* Consistent image/self-closing tag normalization and corrected TOC
indentation
* Errors are now surfaced instead of being swallowed
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
www pages that use DefaultLayout are bailing out of SSR because of
useSearchParams. Removing the useSearchParams opts more pages (including
the pricing page) into SSR.
_However_, it breaks the build because once blog pages are opted into
SSR, they fail due to next-mdx-remote/codehike incompatibilities. So we
also need to opt blog pages back _out_ of SSR using next/dynamic. This
reproduces previous behaviour for the blog.
Also had to remove suspense wrapper around everything because that was
causing the content div to be streamed in a hidden later chunk
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added support for the Contribute section with improved state
management integration.
* **Performance Improvements**
* Optimized blog post rendering with client-side enhancements.
* Improved navigation and layout loading strategies.
* **Refactor**
* Simplified provider architecture for better maintainability.
* Restructured internal component organization.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
- change changelog.md formatting
- make changelog entries slugs more descriptive (eg
/changelog/123-new-change)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Updated changelog entry URLs to use slug-based identifiers instead of
numeric IDs for improved readability and SEO-friendliness, with
automatic redirects for existing links.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
Adds `/<page>.md` routes for 10 marketing/product pages (homepage, auth,
database, edge-functions, realtime, storage, vector, pricing,
modules/cron, modules/queues) so AI agents can fetch clean markdown
instead of parsing JS-rendered HTML. Also advertises the markdown
alternate via `<link rel="alternate" type="text/markdown">` on marketing
and docs pages so agents can discover it.
Pricing is generated dynamically via `generatePricingContent()` (single
source of truth with `/llms.txt` and `/llms-full.txt`); the other nine
slugs are bundled at build time from `content/md/*.md` into a
`MD_CONTENT` map.
Supersedes #44891 (rebased fresh off current master to avoid a 9-commit
replay over rename/rename conflicts created by #44897).
## Changes
- New `/api-v2/md/[...slug]` route handler returns the bundled markdown
(or dynamic pricing) with `Content-Type: text/markdown`,
`X-Content-Type-Options: nosniff`, and appropriate cache headers
- Middleware rewrites `/<slug>.md` and `Accept: text/markdown` to the
API route for the `MD_PAGES` allowlist; trailing-slash variants
(`/auth/`) are normalized so they resolve the same as `/auth`
- Build-time codegen `scripts/generateMdContent.mjs` scans `content/md/`
and emits `app/api-v2/md/content.generated.ts` exporting both
`MD_CONTENT` (Map) and `MD_PAGES` (Set, incl. dynamic `pricing`). Fails
the build on slug collision between `content/md/` and `DYNAMIC_SLUGS`.
Adding a new marketing `.md` is just dropping a file in `content/md/`
(also update `PRODUCT_OVERVIEW_LINKS` in `/llms.txt` since that list is
editorial).
- 8 permanent redirects `/llms/<product>.txt` → `/<product>.md` so
legacy URLs in caches and downstream `llms.txt` copies keep working
- `/llms.txt` product overview now references `.md` URLs (incl.
`modules/cron`, `modules/queues`); `/llms-full.txt` iterates
`MD_CONTENT.values()` (homepage first, then alphabetical) and appends
dynamic pricing
- `/llms/[slug]` route slimmed to proxy SDK reference files (`js.txt`,
`dart.txt`, etc.) since redirects handle product slugs and pricing;
pricing branch retained as fallback in case redirects are bypassed
- `apps/www/pages/_app.tsx` injects the alternate link conditionally
based on `MD_PAGES`; `/pricing` (app router) sets it via page metadata
- `apps/docs/app/page.tsx` (the `/docs` root) sets the text/markdown
alternate to `/llms-full.txt`; per-guide pages override with their
specific `.md` URL via `genGuideMeta` in `GuidesMdx.utils.tsx`. Other
docs pages (reference, troubleshooting) inherit nothing.
- `apps/www/.vercelignore`: replaces the prior `*.md`/`README.md` rules
with `*.md` + `!content/md/**/*.md` so Edge Function READMEs and future
scratch `.md` files aren't silently shipped to the build artifact
- Drops `apps/www/data/llms/*.txt` and the related
`outputFileTracingIncludes`
- Test coverage for the new middleware branches: `.md` suffix rewrite
(allowlisted vs. fall-through), `Accept: text/markdown` content
negotiation, trailing-slash normalization
## Testing (Vercel preview)
Local dev server smoke tests passing on `:3771` after each iteration.
Re-verified on the preview URL after the latest hardening commit:
- [x] `curl -I https://<preview>/llms/auth.txt` — expect `308 Permanent
Redirect` to `/auth.md`
- [x] `curl https://<preview>/auth.md | head -3` — expect `# Supabase
Auth`
- [x] `curl https://<preview>/pricing.md | head -3` — expect `# Supabase
Pricing` with current tier values
- [x] `curl https://<preview>/modules/cron.md | head -3` — expect `#
Supabase Cron`
- [x] `curl -H 'Accept: text/markdown' https://<preview>/ | head -3` —
expect `# Supabase` (homepage.md)
- [x] `curl https://<preview>/llms.txt` — Product Overview section lists
`.md` URLs and includes Cron + Queues
- [x] `curl https://<preview>/llms-full.txt | grep -E '^# Supabase
(Cron\|Queues\|Pricing)'` — Cron and Pricing each match once; Queues
matches twice (marketing module + existing docs guide)
- [x] View source on `/`, `/pricing`, `/database` — expect `<link
rel="alternate" type="text/markdown" href="/<slug>.md">`
- [x] View source on `/docs` — expect `<link rel="alternate"
type="text/markdown" href="/llms-full.txt">`
- [x] View source on a docs guide page (e.g., `/docs/guides/auth`) —
expect per-guide `.md` alternate; reference/troubleshooting pages should
NOT emit a markdown alternate
- [x] `curl -I https://<preview>/auth.md` — expect
`X-Content-Type-Options: nosniff`
- [x] `curl -I -L -H 'Accept: text/markdown' https://<preview>/auth/` —
should resolve to markdown content (trailing-slash normalization, with
Vercel's auto-redirect)
## Linear
- fixes GROWTH-760
## Follow-up (separate PR)
GROWTH-760 also asks about extending `.md` to blog/customers/events.
Different mechanism (path-prefix middleware, MDX read at request time
via `gray-matter`) so it deserves its own review. Will open a follow-up
PR after this lands.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Serve prebuilt and dynamic Markdown docs via new markdown endpoints
and routing; pages now advertise markdown alternates (including
pricing).
* Added Cron and Queues module documentation pages.
* **Documentation**
* Minor formatting tweaks to Realtime and Storage docs.
* **Chores**
* Added build-time Markdown content generation and adjusted
ignore/deploy rules for generated files.
* Added redirects from legacy text-based product URLs to new markdown
pages.
* **Tests**
* Expanded tests for markdown routing and content-negotiation behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Added three new webinar pages:
- Upcoming webinar with Datadog
- Upcoming webinar with Figma
- Upcoming webinar with Sentry (made it a proper webinar page so that we
can embed the video later and keep it in the past webinars library)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added three upcoming webinar events for 2026 featuring Sentry,
Datadog, and Figma Make integrations
* Added three new speaker profiles to the event roster
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update (redirect)
## What is the current behavior?
The documentation page at `/ui/docs/ai-editors-rules/prompts` exists but
should redirect to a new location.
## What is the new behavior?
Added a permanent redirect from `/ui/docs/ai-editors-rules/prompts` to
`/ui/docs/ai-editors-rules/skills` to reflect documentation
reorganization.
## Additional context
This redirect ensures that any existing links or bookmarks to the old
prompts documentation path will automatically direct users to the new
skills documentation page, maintaining a good user experience during the
documentation restructuring.
https://claude.ai/code/session_015A5BSsfVyYUgsneE9LpFeM
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated documentation redirect rules to automatically forward users
accessing legacy documentation paths to their updated locations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Claude <noreply@anthropic.com>
Updates our documentation pages around the Data API to include
instructions on how to grant the necessary privileges across API roles
across tables and functions. Current behaviour means this is largely
unnecessary as privileges are granted by default on public schema, but
adding instructions will help cover scenarios where this isn't the case
and expose some of the underlying magic happening.
## To test:
- These updates refer to new settings that are added to the data api
that give more visibility and control over what tables and functions are
accessible via the api.
- To view these settings you'll need enable `tableEditorApiAccessToggle
` feature flag
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a new "Data API" guide and removed the old "Hardening the Data
API" page
* Updated navigation links to surface the new Data API guide
* Expanded quickstarts, SDK install pages, and security guides with
step‑by‑step Data API exposure, default‑privileges, RLS guidance, and
SQL GRANT examples (including function EXECUTE notes)
* Updated troubleshooting references and added redirects for legacy
documentation paths
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: SaxonF <1072756+SaxonF@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES/NO
## What kind of change does this PR introduce?
- Connected our notion db as source of truth for events.
- Refreshed layout a bit
- Fixed jumping gap when no upcoming events.
[DEBR-229](https://linear.app/supabase/issue/DEBR-229/fix-jumping-gap-on-website-events-page)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* "Speaking" badge highlights presenter events
* "Meet with us" secondary button for meetings
* Added "Conference" category filter; removed "On demand"
* Events now come from a single Notion-backed source
* **UI/Design Changes**
* Redesigned event banner and responsive layout (no cover image)
* Register button now shows a right-arrow icon; CTAs open in a new tab
* Event cards show up to 3 categories with "+N more" and support
multi-day ranges
* **Behavior**
* Events sort newest/upcoming first (descending date)
* Search/filters operate over a single unified events list
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
The docs build had a fragile implicit dependency on www's filesystem
(`../../../apps/www/public/llms`), flagged by the docs team in #44670.
Rather than formalising that dependency with a shared package, this PR
eliminates it entirely by making www the sole owner of llms content
assembly.
**How it works now:**
`/llms/[slug]` handles all `/llms/*.txt` requests via a 3-step cascade:
1. Dynamic content — `pricing.txt` generated at request time from
`shared-data` imports
2. Local file — product overviews read from `data/llms/`
3. Docs proxy — reference docs (guides, js, dart, etc.) fetched from the
docs app
No hardcoded slug lists, so adding new content just works.
**What changed:**
- `apps/docs/scripts/llms.ts` trimmed to only generate per-source
reference files — www now owns `llms.txt`, `llms-full.txt`, and product
overviews
- Removed `generateLlmsPricing.mjs` build script — pricing generated
dynamically from `shared-data`
- Removed llms rewrites from `rewrites.js` — routes handle everything
with consistent `Cache-Control: public, s-maxage=3600,
stale-while-revalidate=86400`
- Product overview `.txt` files moved from `public/llms/` → `data/llms/`
so all requests go through routes for consistent caching
**Docs team concerns from GROWTH-773:**
| Concern | Resolution |
|---------|-----------|
| Docs build depends on www files at a fragile relative path | Path
removed — docs no longer reads from www |
| www restructuring breaks docs with no obvious connection | Eliminated
— no cross-app filesystem dependency |
| No build order enforcement between www and docs | Not needed — docs
doesn't depend on www's build output |
## To test
- `curl <preview>/llms.txt` — markdown index with doc + product overview
links
- `curl <preview>/llms-full.txt` — combined product overviews + docs
content
- `curl <preview>/llms/pricing.txt` — dynamically generated pricing
tables
- `curl <preview>/llms/auth.txt` — product overview from local file
- `curl <preview>/llms/guides.txt` — proxied from docs app
- `curl <preview>/llms/nonexistent.txt` — 404
- Verify `Cache-Control` header on all responses
---------
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Bug fix
## What is the current behavior?
Social-media crawlers (X, LinkedIn, etc.) cache the dynamic OG images
generated by the `generate-og` Edge Function. When an OG image is
updated or a crawler caches the wrong image, the stale version persists
indefinitely because the URL doesn't change between deploys.
## What is the new behavior?
`getAbsoluteBlogSocialImage` now appends a `&v={timestamp}` parameter to
OG image URLs that point to the `generate-og` Edge Function. The
timestamp is evaluated once at build time (`Date.now()`), so each deploy
produces unique meta tag URLs that bypass crawler caches. Static image
URLs are left untouched.
## Additional context
Only affects the `og:image` and `twitter:image` meta tags — on-site
thumbnails and other image references are unchanged.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Bug Fixes**
* Fixed cache refresh behavior for dynamically generated OG images to
ensure updated content is served with each deployment.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Added a blog post and og/thumb images for the GitHub 100,000 stars
announcement.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Embedded an interactive Developer Growth chart into the new blog post
announcing the milestone.
* **Documentation**
* Published a blog celebrating 100,000 GitHub stars with historical
context, a product principles excerpt, links to related projects, and a
community thank-you.
* Updated the site RSS feed to include the new post and other recent
entries.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR updates @supabase/*-js libraries to version 2.100.1.
**Source**: supabase-js-stable-release
**Changes**:
- Updated @supabase/supabase-js to 2.100.1
- Updated @supabase/auth-js to 2.100.1
- Updated @supabase/realtime-js to 2.100.1
- Updated @supabase/postgest-js to 2.100.1
- Refreshed pnpm-lock.yaml
This PR was created automatically.
Edit by @mandarini:
Fix type error in `lib/events.ts` caused by `supabase-js` `v2.100.1`
adding strict column name validation to `.eq()`. Updated the `meetups`
table definition in `database.types.ts` to include missing columns
(`is_published`, `country`, `start_at`, `launch_week`).
---------
Co-authored-by: supabase-workflow-trigger[bot] <266661614+supabase-workflow-trigger[bot]@users.noreply.github.com>
Co-authored-by: Katerina Skroumpelou <sk.katherine@gmail.com>
This PR moves several components which rely on `next` out of the `ui`
package to the `ui-patterns` package.
`ui-patterns` package is intented to be imported with specific imports
so it's ok if there are components reliant on `next` in there.
The `SonnerToaster` component has removed its dependency by requiring a
prop for `theme`.
Reverts supabase/supabase#44109
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
New blog post for Stripe Projects
## What is the current behavior?
N/A
## What is the new behavior?
Adds a new blog post: "Supabase joins the Stripe Projects Developer
Preview" and adds Gregor Vand and Ana Mogul to authors.json.
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
New blog post for Stripe Projects
## What is the current behavior?
N/A
## What is the new behavior?
Adds a new blog post: "Supabase joins the Stripe Projects Developer
Preview" and adds Gregor Vand and Ana Mogul to authors.json.
---------
Co-authored-by: Ana <ana1337x@users.noreply.github.com>
## What kind of change does this PR introduce?
- Bug fix that resolves DEPR-396
- Additional improvements to blog post image handling
## What is the current behavior?
Blog post Open Graph metadata often prefers `imgThumb` over `imgSocial`,
so social previews on X, iMessage, and similar surfaces can render the
on-site thumbnail instead of the intended social image.
The image selection and path-normalization rules are also duplicated
across blog surfaces, which makes the precedence rules easy to drift.
## What is the new behavior?
- Centralizes blog image handling in `apps/www/lib/blog-images.ts`
- Uses `imgSocial` first, then `imgThumb`, for blog OG/Twitter metadata
- Uses `imgThumb` first, then `imgSocial`, then the placeholder, for
blog thumbnails and post hero images
- Normalizes relative blog image paths into absolute URLs for metadata
- Adds warning-only validation during content reads/builds for partial
or malformed `imgSocial` / `imgThumb` config
- Updates a few recent blog posts so `imgThumb` is a thumbnail-only
asset instead of duplicating the social image
## Additional context
- Replaces #42319 with the additional above fixes
- Added unit coverage for the shared image helper
---------
Co-authored-by: Alan Daniel <stylesshjs@gmail.com>
*Summary*
- reorganize the navigation menu to highlight modules, consolidate API
security content, and move guide entries (auto-generated docs, type
generation, security topics) to the intended sections
- relocate the Data API hardening and custom claims RBAC guides into the
API subtree, updating internal references and redirects, and fixing
cross-links (including adjusting the Security reference order)
- adjust data API topic references (e.g., securing guide and role
management) to point to the new paths and ensure the helper link
ordering follows the requested layout
*Testing*
- Not run (not requested)
Change 1
<img width="1286" height="576" alt="image"
src="https://github.com/user-attachments/assets/d903e9b0-bbfc-403f-bcb9-eee540e466db"
/>
Change 2
<img width="1176" height="666" alt="image"
src="https://github.com/user-attachments/assets/82b3ea4c-b8d4-4cb9-ad90-6c39c8a1a997"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Reorganized API documentation structure, consolidating REST and
GraphQL API guides under a dedicated API section.
* Moved security-related guides to API documentation paths for better
organization.
* Implemented automatic redirects for old documentation links to new
locations.
* Updated navigation menu to reflect the restructured documentation
layout.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
This adds a component showing a list of AI curated related threads to
the detail thread view.
## What is the current behavior?
This is not available.
## What is the new behavior?
A new component on the thread view.
## Additional context
Add any other context or screenshots.
---------
Co-authored-by: Danny White <3104761+dnywh@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES/NO
## What kind of change does this PR introduce?
Bug fix, feature, docs update, ...
## What is the current behavior?
Please link any relevant issues here.
## What is the new behavior?
Feel free to include screenshots if it includes visual changes.
## Additional context
Add any other context or screenshots.
## I have read the CONTRIBUTING.md file.
YES
## What kind of change does this PR introduce?
Dependency upgrade (next-mdx-remote v4 → v6)
## What is the current behavior?
The docs app uses next-mdx-remote v4.4.1 with MDX v2.
## What is the new behavior?
- Upgraded to next-mdx-remote v6.0.0 (uses MDX v3)
- Updated @mdx-js/loader and @mdx-js/react to v3
- Upgraded remark-gfm to v4 for MDX v3 compatibility
- Removed deprecated `useDynamicImport` option (now default)
- Added `blockJS: false` to preserve JS expressions in MDX content
Build compiles successfully. Testing shows the same pre-existing
prerender error on /guides/troubleshooting as on master (supabaseUrl is
required).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Upgraded MDX and markdown tooling to major releases (MDX v3,
next-mdx-remote v6, remark-gfm v4).
* Adjusted MDX serialization to disable embedded JS handling and remove
legacy dynamic-import behavior for more consistent rendering of docs,
guides, and code examples.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
This PR removes all CMS code from the `www` app. This includes fetching
of blog posts, API routes for proxying blog posts and types.
All functionality should remain the same (and the number of blog posts
should be the same).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Removed CMS integration, APIs, preview/draft/revalidate endpoints,
related env vars and dependency; switched to static markdown-only blog
pipeline.
* **Refactor**
* Simplified image and author resolution, tightened component props to
static post shapes, and migrated imports to path aliases.
* **Documentation**
* Deleted CMS integration docs and rich-text conversion helpers.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Redirects https://supabase.design -> https://supabase.com/design-system
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated URL routing to redirect /design to /design-system (permanent).
* Added a host-based permanent redirect so requests from the
supabase.design domain forward to the design-system on supabase.com.
* Ensures both the explicit /design path and any paths on the design
subdomain resolve to the canonical design-system site.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Danny White <3104761+dnywh@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
## What kind of change does this PR introduce?
Frontmatter name change.
## What is the current behavior?
We repeatedly mistake `thumb` for `image` and visa versa, meaning the
wrong images are used for Open Graph and in-site thumbnails on blog
posts. Events and case studies use the same naming convention too.
## What is the new behavior?
These two bits of frontmatter are renamed for clarity:
- Blog posts: `imgThumb` + `imgSocial`
That mapping for blog posts:
- `thumb` is now `imgThumb`
- `image` is now `imgSocial`
These related bits remain as-is:
- Events
- Case studies
The
[www/README.md](https://github.com/supabase/supabase/blob/dnywh/chore/blog-image-frontmatter/apps/www/README.md#best-practices)
file has been expanded to clarify all of the above. It now also provides
instructions on image optimisation.
## To test
A lot of files were touched here. Please help make sure:
- [ ] The CMS works as intended. This is the **biggest unknown**.
- [x] All blog posts render the correct image as their on-site thumbnail
and Open Graph image. You can test the latter by firing up a draft
iMessage. Online Open Graph services like Facebook cache images, so
aren’t reliable.
- [x] All events render their correct images
- [x] All case studies render their correct images
- [x] All customer stories render their correct images ([known
issue](https://supabase.slack.com/archives/C072FL5KKKP/p1768888063209359?thread_ts=1768885681.502169&cid=C072FL5KKKP),
predates this work)
* Add blog post: Supabase PrivateLink is now available
- Add new blog post announcing PrivateLink launch
- Add Miles Thomas to authors.json
- Include OG and thumbnail images
- Category: launch-week
* Add toc_depth to blog post frontmatter
---------
Co-authored-by: Ana Mogul <ana1337x@users.noreply.github.com>
* docs: fix broken links in migration guide
Title
fix(docs): update broken next steps links in ssr guides
Description
Fixes#41467
Changes
Updates the "Next steps" section in the following server-side authentication guides:
apps/docs/content/guides/auth/server-side/migrating-to-ssr-from-auth-helpers.mdx
apps/docs/content/guides/auth/server-side/creating-a-client.mdx
Reason
The links in these files were pointing to deprecated "PKCE flow" pages (e.g., email-based-auth-with-pkce-flow-for-ssr) which have been removed from the documentation, resulting in 404 Not Found errors for users attempting to follow the migration or setup steps.
Solution
Remapped the broken links to the currently active, canonical documentation pages:
For migrating-to-ssr-from-auth-helpers.mdx:
Email/Password: .../email-based-auth-with-pkce-flow-for-ssr → /docs/guides/auth/passwords
OAuth: .../oauth-with-pkce-flow-for-ssr → /docs/guides/auth/social-login
SSR Overview: .../guides/auth/server-side → /docs/guides/auth/server-side-rendering
For creating-a-client.mdx:
Email/Password: .../email-based-auth-with-pkce-flow-for-ssr → /docs/guides/auth/passwords
OAuth: .../oauth-with-pkce-flow-for-ssr → /docs/guides/auth/social-login
SSR Overview: .../guides/auth/server-side-rendering → /docs/guides/auth/server-side/advanced-guide (Updated to point to the Advanced Guide to avoid circular linking, or as appropriate for the context).
Verification
Verified that the new target pages exist and cover the relevant SSR/PKCE context needed for these steps.
* fix(www): add redirects for deprecated auth ssr paths
Adds permanent redirects to handle 404 errors for deprecated PKCE flow URLs that were removed in recent updates.
Mappings added:
- /docs/guides/auth/server-side/email-based-auth-with-pkce-flow-for-ssr → /docs/guides/auth/passwords
- /docs/guides/auth/server-side/oauth-with-pkce-flow-for-ssr → /docs/guides/auth/social-login
.
* fix(docs): update broken next steps links in ssr guides
Updates the "Next steps" section in server-side auth guides to point to the correct active documentation.
Replaces broken 404 links to deprecated PKCE flow guides with links to:
- /docs/guides/auth/passwords
- /docs/guides/auth/social-login
- /docs/guides/auth/server-side-rendering
Affected files:
- apps/docs/content/guides/auth/server-side/migrating-to-ssr-from-auth-helpers.mdx
- apps/docs/content/guides/auth/server-side/creating-a-client.mdx
* fix(docs): update broken next steps links in ssr guides
Updates the "Next steps" section in server-side auth guides to point to the correct active documentation.
Replaces broken 404 links to deprecated PKCE flow guides with links to:
- /docs/guides/auth/passwords
- /docs/guides/auth/social-login
- /docs/guides/auth/server-side-rendering
Affected files:
- apps/docs/content/guides/auth/server-side/migrating-to-ssr-from-auth-helpers.mdx
- apps/docs/content/guides/auth/server-side/creating-a-client.mdx
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
* open source section
* Implement kFormatter utility for number formatting in thousands notation and update OpenSourceSection to use it for displaying GitHub stars.
Alan Daniel